Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-13057

Опубликовано: 26 июл. 2019
Источник: nvd
CVSS3: 4.9
CVSS2: 3.5
EPSS Низкий

Описание

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:*
Версия до 2.4.48 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия от 10.13 (включая) до 10.13.6 (исключая)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия от 10.14 (включая) до 10.14.6 (исключая)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Версия от 10.15 (включая) до 10.15.2 (исключая)
cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*
Версия до 6.5.1 (исключая)
cpe:2.3:a:mcafee:policy_auditor:6.5.1:*:*:*:*:*:*:*
Конфигурация 7

Одно из

cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*
Версия до 21.1.2 (исключая)
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.00582
Низкий

4.9 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2019-13057

CVSS3: 4.9
ubuntu
больше 6 лет назад

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

redhat логотип

CVE-2019-13057

CVSS3: 6.5
redhat
больше 6 лет назад

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

debian логотип

CVE-2019-13057

CVSS3: 4.9
debian
больше 6 лет назад

An issue was discovered in the server in OpenLDAP before 2.4.48. When ...

github логотип

GHSA-5x95-66xj-7chm

CVSS3: 4.9
github
больше 3 лет назад

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

fstec логотип

BDU:2019-04729

CVSS3: 6.5
fstec
больше 6 лет назад

Уязвимость демона slapd пакета OpenLDAP, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 68%
0.00582
Низкий

4.9 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

NVD-CWE-noinfo